zlacker

[return to "Everyone knows all the apps on your phone"]
1. captn3+ou[view] [source] 2025-03-30 02:37:34
>>gnitin+(OP)
The ACTION_MAIN loophole has been written about before: https://commonsware.com/blog/2020/04/05/android-r-package-vi...

Google refuses to patch this. I wonder what would happen if you submit it to the Android VDP as a permission bypass.

There’s also this SO question by the author about the bypass: https://stackoverflow.com/q/79527331

◧◩
2. 3abito+RC[view] [source] 2025-03-30 04:13:33
>>captn3+ou
> Google refuses to patch this.

That's why projects like XPL-Extended (and previously XPrivacyLua), are an absolute need. I never run an android phone without these.

◧◩◪
3. ignora+PU[view] [source] 2025-03-30 08:21:23
>>3abito+RC
XPrivactLua and other XposedMod/Magisk extensions break open the app sandbox. It is better to restrict running those on usereng/eng builds (test devices). For prod builds (user devices), I'd recommend using Work Profiles (GrapheneOS supports upto 31 in parallel) or Private Spaces (on Android 15+) to truly isolate apps from one another.
◧◩◪◨
4. pava0+1X[view] [source] 2025-03-30 08:45:22
>>ignora+PU
What do you mean by "break open the app sandbox"?
◧◩◪◨⬒
5. schnat+Yi1[view] [source] 2025-03-30 13:11:12
>>pava0+1X
I found this description about the security risks of rooting very eye-opening https://madaidans-insecurities.github.io/android.html It also explains the sandbox.
◧◩◪◨⬒⬓
6. ignora+sr1[view] [source] 2025-03-30 14:18:46
>>schnat+Yi1
A more recent (2023) sandboxing + isolation overview by the Android team: https://arxiv.org/html/1904.05572v3/ (section 4.3)
◧◩◪◨⬒⬓⬔
7. NotPra+dV1[view] [source] 2025-03-30 18:15:19
>>ignora+sr1
> Android’s security design has fundamentally been based on a multi-party authorization model: an action should only happen if all involved parties authorize it.

> these are user, platform, and developer (implicitly representing stakeholders such as content producers and service providers). Any one party can veto the action.

How is this not anti-user? It explicitly states that the app developer should be able to veto my decisions...

◧◩◪◨⬒⬓⬔⧯
8. ignora+ne4[view] [source] 2025-03-31 13:56:56
>>NotPra+dV1
Under the shared responsibility model, such veto makes sense. Just because the end-user (the app has no way to determine if it was a thief or a spy or a monkey or the actual device owner) approves of an action doesn't mean the OS and the app have to grant authorization.

I can see how such a setup is hostile to power users, but then Android is used by 50% of all humanity, and your guess is as good as mine as to just how many want "sudo make me a sandwich" level of control.

[go to top]